Promoting security awareness and development.


May 12th, 2017 meeting

Fri, May. 12, 2017 2:00pm — 4:00pm


DATE:

May 12th, 2017

TIME:

2:00pm to 4:00pm (PDT)

VENUE:

KPMG KCampus - 4th floor

777 Dunsmuir Street, V7Y 1K3, Vancouver B.C.

Please be punctual for entry to the meeting room

RSVP Required – register at Eventbrite

TOPIC:

Security Testing for DevOps

PRESENTER:  

Yang Yu (Ping Identity)

 

ABSTRACT

Security testing could mean many different things. In this presentation, it’s mainly referring to security functional testing, a type of software testing whose main goal is to make sure security controls in an application are working as expected. For example, if account locking is used to prevent brute-force attacks, there should be corresponding tests to verify that account locking is working properly.

Sounds simple? But surprisingly, the development processes of many applications don’t include this type of testing. They use static analysis tools to scan the source code, they use dynamic analysis tools to scan the application, but they don’t cover this basic hygiene!

To develop effective security tests, it’s important to have a good understanding of the real threats to the application and let the threats drive the creation of the tests.

In the DevOps world, security functional testing is a perfect security control to integrate with the pipeline and to promote collaboration between Dev and Security.

After attending this presentation, attendees should be able to understand:

● The importance of automated security functional testing

● How to use threat modeling to drive the testing

● How to integrate the testing into the CI/CD pipeline

● The pitfalls that you need to watch out for

 

 

BIOGRAPHY


Yang Yu is a developer turned security engineer at Ping Identity. He is experienced in securing on-premise and SaaS applications, running a secure SDLC program, and performing information security risk assessments. His current interest is in integrating security with DevOps.

 

 
